The messages may appear to be from organizations you do business with – banks, for example. They might threaten to close your account or take other action if you don’t respond.

Don’t reply, and don’t click on links or call phone numbers provided in the message, either. These messages direct you to spoof sites – sites that look real but whose purpose is to steal your information so a scammer can run up bills or commit crimes in your name.

Area codes can mislead, too. Some scammers ask you to call a phone number to update your account or access a “refund.” But a local area code doesn’t guarantee that the caller is local.

If you’re concerned about your account or need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

Action Steps

Don’t email personal or financial information. Email is not a secure method of transmitting personal information.

Only provide personal or financial information through an organization’s website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the “s” stands for secure). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call to confirm your billing address and account balances.

Be cautious about opening attachments and downloading files from emails, regardless of who sent them. These files can contain viruses or other malware that can weaken your computer’s security.

Report Phishing Emails

Forward phishing emails to spam@uce.gov — and to the company, bank, or organization impersonated in the email. Your report is most effective when you include the full email header, but most email programs hide this information. To find out how to include it, type the name of your email service with “full email header” into your favorite search engine.

You also can report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group — which includes ISPs, security vendors, financial institutions and law enforcement agencies — uses these reports to fight phishing.